Does K2 Blocks have any unpatched vulnerabilities?

No. All known vulnerabilities in K2 Blocks have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is K2 Blocks compatible with WordPress 6.4.8?

According to WordPress.org data, K2 Blocks 1.1.4 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

Is K2 Blocks compatible with PHP 7.0+?

K2 Blocks requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is K2 Blocks updated?

K2 Blocks was last updated on Mar 25, 2024. Frequent updates are generally a positive security signal.

What is K2 Blocks's security score?

K2 Blocks has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

K2 Blocks Security & Risk Analysis

wordpress.org/plugins/k2-blocks

K2 Blocks Build Gutenberg Websites With Advanced Features At Lightning Speed.

10 active installs v1.1.4 PHP 7.0+ WP 6.1+ Updated Mar 25, 2024

blocksgutenbergpage-builderwidgets

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is K2 Blocks Safe to Use in 2026?

Generally Safe

Score 85/100

K2 Blocks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The 'k2-blocks' v1.1.4 plugin exhibits a mixed security posture. On the positive side, it has no known vulnerabilities (CVEs) and demonstrates good practices in its handling of SQL queries, utilizing prepared statements exclusively. There are also no file operations or external HTTP requests, reducing potential attack vectors. However, significant concerns arise from the static analysis. The plugin exposes a single AJAX handler without any authentication or capability checks, creating a direct entry point for unauthorized actions. Furthermore, a substantial portion (75%) of its output is not properly escaped, posing a risk of Cross-Site Scripting (XSS) attacks. The taint analysis reveals two flows with unsanitized paths, which, while not classified as critical or high severity, still indicate potential weaknesses in how user-supplied data is processed. The absence of nonce checks on the exposed AJAX handler is a notable oversight. Overall, while the lack of historical vulnerabilities is reassuring, the current code has clear and immediate risks related to unauthorized access and potential XSS vulnerabilities that need to be addressed.

Key Concerns

Unprotected AJAX handler
Unescaped output (75%)
Flows with unsanitized paths (2)
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

K2 Blocks Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

K2 Blocks Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

25% escaped4 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

save_license_key (k2-blocks.php:324)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

K2 Blocks Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_save_license_keyk2-blocks.php:39

WordPress Hooks 7

actioninitk2-blocks.php:33

actionadmin_enqueue_scriptsk2-blocks.php:34

actionadmin_menuk2-blocks.php:35

actionwp_enqueue_scriptsk2-blocks.php:36

actionwp_enqueue_scriptsk2-blocks.php:37

actionadmin_enqueue_scriptsk2-blocks.php:38

filterblock_categories_allk2-blocks.php:374

Maintenance & Trust

K2 Blocks Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedMar 25, 2024

PHP min version7.0

Downloads8K

Community Trust

Rating100/100

Number of ratings7

Active installs10

Alternatives

K2 Blocks Alternatives

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor

kadence-blocks

20+ AI-powered Gutenberg Blocks with endless options, enabling top-notch efficiency for high-performance dynamic website creation.

600K 31 CVEs

Page Builder: Pagelayer – Drag and Drop website builder

pagelayer

The most advanced frontend drag & drop page builder. Pagelayer is a light weight but extremely powerful Website Builder.

400K 25 CVEs

Page Builder Gutenberg Blocks – CoBlocks

coblocks

CoBlocks is a suite of page builder WordPress blocks for Gutenberg, with 10+ new blocks and a true page builder experience with rows and columns.

300K 1 unpatched

Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE

otter-blocks

Quickly create WordPress pages with 20+ blocks, 100+ ready-to-import designs, and advanced editor extensions. It’s website building, Lego-style!

300K 11 CVEs

GenerateBlocks

generateblocks

A small collection of lightweight WordPress blocks that can accomplish nearly anything.

200K 5 CVEs

Developer Profile

K2 Blocks Developer Profile

pookidevs

3 plugins · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect K2 Blocks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/k2-blocks/css/plugin.css/wp-content/plugins/k2-blocks/dist/style-all-blocks.css/wp-content/plugins/k2-blocks/dist/all-blocks.css/wp-content/plugins/k2-blocks/dist/index.js

Script Paths

/wp-content/plugins/k2-blocks/dist/index.js

HTML / DOM Fingerprints

CSS Classes

k2-blocks-dashboad-welcomek2-blocks-dashboard-navk2-header-containerk2-dashboard-header-logok2-blocks-dashboard-welocme-containerk2-blocks-dashboard-left-containerdashboard-welocme-textk2-blocks-youtube-video-cont+9 more

Data Attributes

data-block="k2blocks/blocks"

FAQ